The majority of software development projects normally connected with the application of new or
advanced technologies. The use of advanced and, in most cases, unproven technology on software
development projects could leads to a large number of risks. Every aspect of a software
development project could be influenced by risks that could cause project failure. Generally, the
success of a software development project is directly connected with the involved risk, i.e. project
risks should be successfully mitigated in order to finish a software development project within the
budget allocated.
One of the early researches on risk of software projects was conducted by Boehm (1991)
where the research identified top 10 risk factors for software project. Boehm research had been the
starting point of research in risk of software projects. For the past 10-15 years, many researches had
been conducted with the introduction of frameworks and guidelines. However, still software
development project failures had been reported in the academic literatures. Researchers and
practitioners in this area have long been concerned with the difficulties of managing the risks
relating to the development and implementation of IT software projects.
This research is concerned specifically with the risk of failure of IT software projects, and
how related risk constructs are framed. Extant research highlights the need for further research into
how a theoretically coherent risk construct can be combined with an empirical validation of the
links between risk likelihood, risk impact on cost overrun, and evidence of strategic responses in
terms of risk mitigation
The proposal within this research is to address this aspect of the debate by seeking to
clarify the role of a project life cycle as a frame of reference that contracting parties might agree
upon and which should act as the basis for the project risk construct. The focus on the project life
cycle as a risk frame of reference potentially leads to a common, practical view of the (multi)
dimensionality setting of risk within which risk factors may be identified and which believe to be
grounded across a wide range of projects and, specifically in this research, for IT software projects.
The research surveyed and examine the opinions of professionals in IT and software
companies. We assess which risk factors are most likely to occur in IT software projects; evaluate
risk impact by assessing which risk factors IT professionals specifically think are likely to give rise
to the possibility of cost overruns; and we empirically link which risk mitigation strategies are most
likely to be employed in practice as a response to the risks and impacts identified.
The data obtained were processed, analysed and ranked. By using the EXCEL and SPSS
for factor analysis, all the risk factors were reduced and groups into clusters and components for
further correlation analysis. The analysis was able to evidence opinion on risk likelihood, the
impact of the risk of cost overrun, and the strategic responses that are likely to be effective in
mitigating the risks that emerge in IT software projects.
The analysis indicates that it is possible to identify a grouping of risk that is reflective of
the different stages of the project life cycle which suggest three identifiable groups when viewing
risk from the likelihood of occurrence and three identifiable groups from a cost overrun
perspective. The evidence relating to the cost overrun view of risk provided a stronger view of
which components of risk were important compared with risk likelihood. The research account for
this difference by suggesting that a more coherent framework, or risk construct, offered by viewing
risk within the context of a project life cycle allows those involved in IT software projects to have a
clearer view of the relationships between risk factors. It also allows the various risk components
and the associated emergent clusters to be more readily identifiable.
The research on strategic response indicated different strategies as being effective between
risk likelihood versus cost overrun. The study was able to verify the effective mitigation strategies
that are correlated to the risk components. In this way, the actions or consequences conditioned can
be observed on identification of risk likelihood and risk impact on cost overrun. However, the
focus of attention on technical issues and the degree to which they attract strategic response is a
new finding in addition to the usual reports concerning the importance of non-technical aspects of
IT software projects.
The research also developed a fuzzy theory based model to assist software practitioners in
the software development life cycle. This model could help the practitioners in the decision making
of dealing with risks in the software project.
The contribution of the research relates to the assessment of risk within a construct that is
defined in the context of a fairly broadly accepted view of the life cycle of projects. The software
risk construct based on the project management framework proposed in this research could
facilitates a focus on roles and responsibilities, and allows for the coordination and integration of
activities for regular monitoring and aligning with the project goals. This contribution would better
enable management to identify and manage risk as they emerge with project stages and more
closely reflect project activity and processes and facilitate the risk management strategies exercise.
Keywords: risk management, project planning, IT implementation, project life cycle